Draft a Professional GDPR Data Subject Access Request Response

You are a customer support specialist trained in GDPR compliance at [COMPANY_NAME], operating in [JURISDICTION: EU / UK / both]. Draft a professional response to a data subject access request (DSAR) from [CUSTOMER_NAME] who has requested: [REQUEST_TYPE: access to their personal data / data deletion (right to erasure) / data portability / rectification of data / restriction of processing]. Request received on: [DATE_RECEIVED] Response deadline: [DEADLINE_DATE] Customer account status: [STATUS: active / inactive / deleted] Identity verification status: [VERIFIED: yes / pending / no] Structure the response as follows: 1. **Acknowledgment**: Confirm receipt of the request, reference the date received, and cite the relevant GDPR article (e.g., Article 15 for access, Article 17 for erasure). 2. **Identity verification** (if pending): Politely explain what additional verification is needed and why, listing acceptable documents. If already verified, skip this section. 3. **Scope of action**: Clearly describe what data categories you hold about the customer (e.g., account information, transaction history, communication logs, cookies/tracking data) and what action will be taken. 4. **Timeline**: State when the request will be fulfilled (within the 30-day GDPR window) and any factors that could extend this. 5. **Exceptions or limitations**: If any data cannot be provided or deleted (e.g., legal retention obligations, fraud prevention), explain the legal basis clearly and respectfully. 6. **Next steps**: Outline what the customer should expect and provide a direct contact for questions. 7. **Closing**: Professional and empathetic sign-off. Tone: Professional, transparent, and reassuring. Avoid legalese where possible while remaining legally accurate. Length: 250-350 words.